EC2 Audit
Checks performed
- EC2 Instance Snapshots Should Not Be Public
- Long Running Instances Should Be Re-launched
- EC2 AMIs Should Not Be Public
- EC2 AMIs Should Be Encrypted
- EC2 Instances Should Not Reach vCPU Limit
- Blacklisted AMIs Should Not Be Used
- Default VPC Should Not Be In Use
- Security Groups Should Have Descriptions
- AMI Age Should Not Exceed the Configured Age
- EC2 Instance Should Be of Desired Type
- Detailed Monitoring for EC2 Instances Should Be Enabled
- EC2-Classic Should Not Be Used
- Scheduled Events for EC2 Instances
- EC2 Instances With Multiple Security Groups
- Termination Protection Should Be Enabled
- Unrestricted NetBIOS Access Should Not Be Allowed
- Unrestricted Outbound Access Should Not Be Allowed
- EC2 IAM Roles Should Be Used
- Restrict data-tier subnet connectivity to VPC NAT Gateway
- Unrestricted CIFS Access Should Not Be Allowed
- Unrestricted ICMP Access Should Not Be Allowed
- Unrestricted Inbound Access on All Uncommon Ports Should Not Be Allowed
- Unrestricted MongoDB Access Should Not Be Allowed
- Unrestricted MSSQL Access Should Not Be Allowed
- Unrestricted MySQL Access Should Not Be Allowed
- Unrestricted Oracle Access Should Not Be Allowed
- Security Group Port Range
- Unrestricted PostgreSQL Access Should Not Be Allowed
- Unrestricted RDP Access Should Not Be Allowed
- Unrestricted RPC Access Should Not Be Allowed
- Unrestricted SMTP Access Should Not Be Allowed
- Default Security Group Should Not Allow Unrestricted Public Traffic
- Unrestricted Telnet Access Should Not Be Allowed
- Unrestricted SSH Access Should Not Be Allowed
- Unrestricted Elasticsearch Access Should Not Be Allowed
- Unrestricted FTP Access Should Not Be Allowed
- EC2 Reserved Instances Should Not Have Payment Failed
- EC2 Reserved Instances Should Not Have Payment Pending
- EC2 Reserved Instances Recent Purchases Should Be Reviewed
- EC2-Classic Elastic IP Address Limit Should Not Be Reached
- EC2-VPC Elastic IP Address Limit Should Not Be Reached
- AWS EC2 Hibernation Should Be Enabled
- Instance Should Be Launched In Auto Scaling Group
- Reserved Instance Lease Expiration In The Next 30 Days
- Reserved Instance Lease Expiration In The Next 7 Days
- Security Group Excessive Counts
- Security Group Name Prefixed With launch-wizard Should Not Be Used
- EC2 Instance Count Should Not Exceed the Limit
- EC2 Instances Should Use Latest Generation
- Security Group Rules Counts
- Security Groups Should Not Allow Inbound Traffic From RFC 1918
- Unassociated Elastic IP Addresses Should Be Removed
- EC2 Instance Should Not Be In Public Subnet
- Unrestricted DNS Access Should Not Be Allowed
- Unrestricted HTTP Access Should Not Be Allowed
- Unrestricted HTTPS Access Should Not Be Allowed
- EC2 Instances Should Not Have Blacklisted Instance Types
- Unused Elastic Network Interfaces Should Be Removed
- Unused AMIs Should Be Removed
- Unused AWS EC2 Key Pairs Should Be Removed
- Reserved Instances Should Not Be Unused
- EC2 Instances Should Not Be Overutilized
- EC2 Instances Should Not Be Idle
- EC2 Instances Should Not Be Underutilized
- EC2 Instance Tenancy